package cn.kgc.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * @author 东海龙王
 * @version 1.0
 * @date 2023/3/2 - 11:34
 */
@Configuration
@EnableWebSecurity //启用安全框架,覆盖原有配置
@EnableGlobalMethodSecurity(prePostEnabled = true,securedEnabled = true) //登录的form表单必须是post提交
public class MySecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * 密码加密
     * @return
     */
    @Bean
    public PasswordEncoder passwordEncoder(){
        return  new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin().
                loginPage("/login") //设置登录页面路径
            .loginProcessingUrl("/doLogin") //设置登录提交的路径
            .defaultSuccessUrl("/index",true) //登陆成功跳转页面
            .passwordParameter("userPwd")
            .usernameParameter("userName")
            .permitAll()
            .and().authorizeRequests()
            .antMatchers("/login","/doLogin").permitAll() //交代过滤器放行
            .anyRequest().authenticated()   //除开以上的路径 都是要权限认证
            .and().csrf().disable();
            http.exceptionHandling().accessDeniedPage("/403");
    }
}
